// Turn on output buffering before any other code runs.
// NOTE(review): presumably this lets the session cookie header still be sent after
// the code below echoes text. Confirm against the pages that include this file.
ob_start();
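/**
 * Start the application session with hardened cookie flags and tie it to the
 * client IP address.
 *
 * The session cookie is named "sec_session" and is sent with the Secure and
 * HttpOnly flags. When the session already records an IP address and the
 * current request comes from a different one, the session data is wiped, the
 * old session is destroyed and a fresh, empty session is issued, so nothing
 * from the mismatched session survives.
 *
 * Takes no arguments and returns nothing. It emits the session cookie header
 * and may echo a warning message.
 */
function sec_session_start() {
    $session_name = 'sec_session';
    $secure = true;    // cookie is only sent over HTTPS
    $httponly = true;  // cookie is not readable from JavaScript

    // session.use_only_cookies is left at its php.ini value. It should be on,
    // so that session ids never travel in URLs. Confirm in php.ini.
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params(
        $cookieParams["lifetime"],
        $cookieParams["path"],
        $cookieParams["domain"],
        $secure,
        $httponly
    );
    session_name($session_name);

    // The session id is left to PHP's own generator. session_start() accepts only
    // an options array, so a string id passed to it is never used, and an id built
    // from the client IP and a timestamp would be guessable in any case.
    session_start();

    // NOTE(review): REMOTE_ADDR is the proxy's address when the site sits behind a
    // reverse proxy or CDN, and legitimate clients can change address mid-session.
    // Confirm the deployment before relying on this binding.
    $ip = $_SERVER['REMOTE_ADDR'];

    if (isset($_SESSION['ip']) && $_SESSION['ip'] !== $ip) {
        // Drop everything tied to the mismatched session. The stored identity is
        // deliberately NOT copied back afterwards.
        $_SESSION = array();
        session_destroy();

        // Reopen an empty session under a new id so callers can still write to
        // $_SESSION (for example after a fresh login) without reusing the old id.
        session_start();
        session_regenerate_id(true);

        echo "Tentativo di Hacking il Sito Elysium ha prontamente Protetto i Tuoi Dati ";
    }
}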
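// Login handler: verifies the reCAPTCHA token, checks the submitted credentials
// against the users table and, on success, records the login and fills the session.
// Prints "1" on success and nothing otherwise.
sec_session_start();

// Require all three fields as plain strings. An array posted in their place would
// otherwise reach md5() and the query.
if (isset($_POST['g-recaptcha-response'], $_POST['form-username'], $_POST['form-password'])
    && is_string($_POST['g-recaptcha-response'])
    && is_string($_POST['form-username'])
    && is_string($_POST['form-password'])
    && !empty($_POST['g-recaptcha-response'])) {

    $captcha = $_POST['g-recaptcha-response'];
    // Placeholder value. The real secret belongs in configuration outside the web
    // root, not in the page source.
    $secretKey = "google Key";
    $ip = $_SERVER['REMOTE_ADDR'];

    // Send the verification as a form-encoded POST. http_build_query() encodes the
    // client-supplied token so it cannot add or override request parameters, and the
    // secret stays out of the request URL.
    $context = stream_context_create(array(
        'http' => array(
            'method'  => 'POST',
            'header'  => 'Content-Type: application/x-www-form-urlencoded',
            'content' => http_build_query(array(
                'secret'   => $secretKey,
                'response' => $captcha,
                'remoteip' => $ip,
            )),
        ),
    ));
    $response = file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);

    // A failed request or a non-JSON body counts as a failed captcha.
    $responseKeys = ($response === false) ? null : json_decode($response, true);

    if (is_array($responseKeys) && isset($responseKeys["success"]) && intval($responseKeys["success"]) == 1) {
        // stripslashes() is kept so existing usernames keep matching the same way.
        $username = stripslashes($_POST['form-username']);

        // NOTE(review): unsalted MD5 is not suitable for password storage. Moving to
        // password_hash()/password_verify() needs a column and data migration that is
        // outside this script, so the stored digest format is left unchanged here.
        $password = md5($_POST['form-password']);

        // presumably core.php opens the mysqli connection and exposes it as $returned (confirm)
        include('databese/core.php');

        $count = 0;
        $id = null;
        $attivazione = null;

        // Bound parameters keep the submitted values out of the SQL text entirely.
        $stmt = mysqli_prepare($returned, 'SELECT id, attivazione FROM users WHERE username = ? AND password = ?');
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_store_result($stmt);
            $count = mysqli_stmt_num_rows($stmt);
            mysqli_stmt_bind_result($stmt, $id, $attivazione);
            mysqli_stmt_fetch($stmt);
            mysqli_stmt_close($stmt);
        }

        // Exactly one matching row, and the account must be activated.
        if ($count == 1 && (int) $attivazione === 1) {
            $time = (string) time();

            $update = mysqli_prepare($returned, 'UPDATE users SET last_ip = ?, last_login = ? WHERE username = ? AND password = ?');
            if ($update) {
                mysqli_stmt_bind_param($update, 'ssss', $ip, $time, $username, $password);
                mysqli_stmt_execute($update);
                mysqli_stmt_close($update);
            }

            $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
            $logstring = hash('sha512', $password.$user_browser.$ip);

            // Change the session id at the moment of authentication, so an id that
            // was known before login is not the one that becomes authenticated.
            session_regenerate_id(true);

            $_SESSION['username'] = $username;
            $_SESSION['login_string'] = $logstring;
            $_SESSION['user_id'] = $id;
            $_SESSION['ip'] = $ip;
            echo 1;
        }

        mysqli_close($returned);
    }
}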
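// Guard for a protected page: the session must carry a user id, a username and a
// login string, and the login string must match a value recomputed from the stored
// password digest, the current user agent and the current client IP.
sec_session_start();

if (isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
    $login_string = $_SESSION['login_string'];
    // Fetch the client's user-agent string. An absent header is treated as empty.
    $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $ip = $_SERVER['REMOTE_ADDR'];

    // The id is cast to an integer and bound as a parameter instead of being
    // interpolated into the SQL text.
    $user_id = (int) $_SESSION['user_id'];
    $password = null;

    // presumably core.php opens the mysqli connection and exposes it as $returned (confirm)
    include('../databese/core.php');
    $stmt = mysqli_prepare($returned, 'SELECT password FROM users WHERE id = ? LIMIT 1');
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'i', $user_id);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $password);
        mysqli_stmt_fetch($stmt);
        mysqli_stmt_close($stmt);
    }
    mysqli_close($returned);

    // No matching user leaves $password null, which is treated as not logged in.
    if (is_string($password) && is_string($login_string)) {
        $login_check = hash('sha512', $password.$user_browser.$ip);

        // hash_equals() compares the two digests as strings in constant time.
        // A loose == on hex strings can treat differing values as equal numbers.
        if (hash_equals($login_check, $login_string)) {
            //page content
        }
    }
}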